I'll explain here how to setup a web proxy with antivirus capabilities We will use these tools : Squid + ClamAV + a patched version of DansGuardian We will be needing following tools to get this task done Squid : www.squid-cache.org ClamAV : www.clamav.net DansGuardian : dansguardian.org Note: You can download Squid rpm from the default RHEL/CentOS repo. Requirements for Squid: Squid should be running on port 3128 should only entertain request from localhost /etc/squid/squid.conf : http_port 3128 acl localhost src 127.0.0.0/255.0.0.0 http_access allow localhost http_access deny all Install DansGuardian with the antivirus plugin from SecurityTeam.us repo : Install the SecurityTeamUS repo : rpm -ihv http://repo.securityteam.us/repository/redhat/securityteamus-repo-latest.rpm Install DansGuardian-av and its dependencies (included on SecurityTeamUS) : yum install dansguardian-av
Output : Setting up Install Process Setting up repositories SecurityTeamUS 100% |=========================| 951 B 00:00 Reading repository metadata in from local files primary.xml.gz 100% |=========================| 30 kB 00:00 SecurityTe: ################################################## 68/68 Added 68 new packages, deleted 0 old in 0.88 seconds Parsing package install arguments Resolving Dependencies --> Populating transaction set with selected packages. Please wait. ---> Downloading header for dansguardian-av to pack into transaction set. dansguardian-av-2.8.0.6-1 100% |=========================| 24 kB 00:00 ---> Package dansguardian-av.i386 0:2.8.0.6-1 set to be updated --> Running transaction check --> Processing Dependency: libclamav.so.1 for package: dansguardian-av --> Processing Dependency: clamd for package: dansguardian-av --> Processing Dependency: libesmtp.so.5 for package: dansguardian-av --> Processing Dependency: libesmtp for package: dansguardian-av --> Processing Dependency: clamav for package: dansguardian-av --> Restarting Dependency Resolution with new changes. --> Populating transaction set with selected packages. Please wait. ---> Downloading header for libesmtp to pack into transaction set. libesmtp-0.8.12-1.i386.rp 100% |=========================| 4.9 kB 00:00 ---> Package libesmtp.i386 0:0.8.12-1 set to be updated ---> Downloading header for clamd to pack into transaction set. clamd-0.88.7-1.i386.rpm 100% |=========================| 4.7 kB 00:00 ---> Package clamd.i386 0:0.88.7-1 set to be updated ---> Downloading header for clamav to pack into transaction set. clamav-0.88.7-1.i386.rpm 100% |=========================| 7.4 kB 00:00 ---> Package clamav.i386 0:0.88.7-1 set to be updated --> Running transaction check --> Processing Dependency: clamav-db = 0.88.7-1 for package: clamav --> Restarting Dependency Resolution with new changes. --> Populating transaction set with selected packages. Please wait. ---> Downloading header for clamav-db to pack into transaction set. clamav-db-0.88.7-1.i386.r 100% |=========================| 2.6 kB 00:00 ---> Package clamav-db.i386 0:0.88.7-1 set to be updated --> Running transaction check . Dependencies Resolved . ============================================================================= Package Arch Version Repository Size ============================================================================= Installing: dansguardian-av i386 2.8.0.6-1 SecurityTeamUS 309 k Installing for dependencies: clamav i386 0.88.7-1 SecurityTeamUS 944 k clamav-db i386 0.88.7-1 SecurityTeamUS 7.3 M clamd i386 0.88.7-1 SecurityTeamUS 64 k libesmtp i386 0.8.12-1 SecurityTeamUS 176 k . Transaction Summary ============================================================================= Install 5 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 8.8 M Is this ok [y/N]: y . Start ClamAV daemon : service clamd start By default, clamd should listen on 127.0.0.1:3310 Set up DansGuardian-av this way : reportinglevel = 3 languagedir = '/etc/dansguardian/languages' language = 'ukenglish' loglevel = 3 logexceptionhits = on logfileformat = 1 loglocation = '/var/log/dansguardian/access.log' filterip = filterport = 8080 proxyip = 127.0.0.1 proxyport = 3128 nonstandarddelimiter = on usecustombannedimage = 1 custombannedimagefile = '/etc/dansguardian/transparent1x1.gif' filtergroups = 1 filtergroupslist = '/etc/dansguardian/filtergroupslist' bannediplist = '/etc/dansguardian/bannediplist' exceptioniplist = '/etc/dansguardian/exceptioniplist' banneduserlist = '/etc/dansguardian/banneduserlist' exceptionuserlist = '/etc/dansguardian/exceptionuserlist' showweightedfound = on weightedphrasemode = 0 urlcachenumber = 3000 urlcacheage = 900 phrasefiltermode = 2 preservecase = 0 hexdecodecontent = 0 forcequicksearch = 0 reverseaddresslookups = off reverseclientiplookups = off createlistcachefiles = on maxuploadsize = -1 maxcontentfiltersize = 256 usernameidmethodproxyauth = on usernameidmethodident = off preemptivebanning = on forwardedfor = off usexforwardedfor = off logconnectionhandlingerrors = on maxchildren = 120 minchildren = 8 minsparechildren = 4 preforkchildren = 6 maxsparechildren = 32 maxagechildren = 500 ipcfilename = '/tmp/.dguardianipc' urlipcfilename = '/tmp/.dguardianurlipc' pidfilename = '/var/run/dansguardian.pid' nodaemon = off nologger = off daemonuser = 'nobody' daemongroup = 'nobody' softrestart = off virusscan = on virusengine = 'clamav' tricklelength = 32768 forkscanlength = 32768 firsttrickledelay = 10 followingtrickledelay = 10 maxcontentscansize = 41904304 virusscanexceptions = on urlcachecleanonly = on virusscannertimeout = 60 notify = 2 # will notify the admin only emaildomain = 'domain.be' postmaster = 'admin@domain.be' emailserver = '127.0.0.1:25' downloaddir = '/tmp/dgvirus' clmaxfiles = 1500 clmaxreclevel = 3 clmaxfilesize = 10485760 clblockencryptedarchives = off cldetectbroken = off clamdsocket = '127.0.0.1:3310' This is my configuration, please review it to match your needs Make sure dansguardian will start at boot : chkconfig dansguardian on Start DansGuardian : service dansguardian start Now, you can set up your browser preference to use the antivirus web proxy (IP:8080) If you want to set dansguardian as a transparent proxy : 1. Edit /etc/squid/squid.conf and add : httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on 2. Type this at the command prompt (where your local subnet is 10.0.0.0/24 and your LAN interface is eth0) : iptables -t nat -A PREROUTING -i eth0 -s 10.0.0.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080 3. Save your iptables configuration, type : iptables-save > /etc/sysconfig/iptables Squid logs can be tailed here : tail -f /var/log/squid/access.log DansGuardian logs can be tailed here : tail -f /var/log/dansguardian/access.log |
No comments:
Post a Comment